Le jeu. 16 août 2012 19:38:31 CEST, NoOp a écrit:
On 08/16/2012 04:45 AM, Philippe Naudin wrote:
Hello,
I am using LibreOffice x86_64 on Linux, installed from official rpms.
Since it got updated to Version 3.6.0.4 (Build ID: 932b512), rkhunter
whines :
Checking for packet capturing applications
Warning: Process '/opt/libreoffice3.6/program/soffice.bin' (PID 15079) is listening on the
network.
lsof -i doesn't show anything related to soffice, but lsof -U shows :
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
soffice.b 15079 naudin 11u unix 0xffff8100883b7c80 0t0 352208 socket
X 2924 root 44u unix 0xffff8100883b7980 0t0 352209 /tmp/.X11-unix/X0
soffice.b 15079 naudin 12u unix 0xffff8100883b7680 0t0 352210
/tmp/OSL_PIPE_1058_SingleOfficeIPC_474aee6e854ee537ef2ad5a42cd51fe9
soffice.b 15079 naudin 22u unix 0xffff8100883b7080 0t0 352223 socket
X 2924 root 46u unix 0xffff8100883b7380 0t0 352224 /tmp/.X11-unix/X0
The same rkhunter has no problem with LibreOffice 3.5.4.2, Build ID:
165a79a-7059095-e13bb37-fef39a4-9503d18, also an official rpm for Linux
x86_64.
But LibreOffice-3.5 only use one socket, the /tmp/OSL_PIPE one.
Is there a way to turn off these extra sockets in 3.6 ?
Thanks,
I can't replicate on the deb version with:
Rootkit Hunter version 1.3.8
What version of rkhunter & have you:
rkhunter --update
to ensure that your rkhunter is up to date?
Version 3.6.0.4 (Build ID: 932b512)
I won't be able to check an rpm version until later - sorry.
Hi,
Thanks for your reply. I'm using a rpm ;), it is rkhunter-1.4.0-1.el5.
Of course I can get rkhunter silent with something like
DISABLE_TESTS="hidden_ports" or ALLOWPROCLISTEN="soffice.bin".
In this case it will not complain about LibreOffice listening on
the network... even when I open a file with some malware inside.
Can you check the output of this command :
lsof -U | grep soffice
With LibreOffice-3.5, I get only one line (/tmp/OSL_PIPE_...), but
with LibreOffice-3.6 I get two more lines, two unix sockets.
Regards,
--
Philippe Naudin
--
For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted
Context
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.